Zoom Workplace Apps Vulnerability Let Attackers Inject Malicious Script


Apr 9, 2025 - 09:20

Zoom has released updates to address multiple vulnerabilities affecting its Workplace applications across various platforms.

The most pressing flaw could allow attackers to inject malicious scripts, potentially compromising the integrity of user data. Users are strongly encouraged to apply the latest updates to protect themselves.

The vulnerabilities, detailed in Zoom Security Bulletin ZSB-25013, affect a wide range of Zoom Workplace applications, including desktop apps for Windows, macOS, and Linux and mobile apps for iOS and Android.

The VDI Client for Windows, Zoom Rooms Controller, Zoom Rooms Client, and Zoom Meeting SDK across different operating systems are also impacted.

Cross-Site Scripting Vulnerability (CVE-2025-27441, CVE-2025-27442)

The most severe vulnerability is a cross-site scripting (XSS) flaw (CVE-2025-27441, CVE-2025-27442) that carries a CVSS score of 4.6, classifying it as a medium severity issue. The vulnerability exists in some Zoom Workplace Apps.

An unauthenticated attacker with adjacent network access could exploit this vulnerability to inject malicious scripts. Successful exploitation could lead to a loss of integrity.

The CVSS vector string associated with this vulnerability is CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N.

Insecure Default Variable Initialization (CVE-2025-27443)

Another vulnerability (CVE-2025-27443) affects Zoom Workplace Apps for Windows and is related to insecure default variable initialization. An authenticated local user could exploit this vulnerability to cause a loss of integrity.

This vulnerability has a CVSS score of 2.8, which means it is a low-severity issue.

Null Pointer Dereference Vulnerabilities (CVE-2025-30670, CVE-2025-30671, CVE-2025-30672)

Multiple null pointer dereference vulnerabilities (CVE-2025-30670, CVE-2025-30671, CVE-2025-30672) exist in Zoom Workplace Apps for Windows. An authenticated user could exploit these vulnerabilities to cause a denial of service via network access.

These vulnerabilities have a CVSS score of 5.4 and are considered medium severity.

Affected Products and Versions

The vulnerabilities affect the following products:

  • Zoom Workplace Desktop App for Windows before version 6.3.10
  • Zoom Workplace Desktop App for macOS before version 6.3.10
  • Zoom Workplace Desktop App for Linux before version 6.3.10
  • Zoom Workplace App for iOS before version 6.3.10
  • Zoom Workplace App for Android before version 6.3.10
  • Zoom Workplace VDI Client for Windows before version 6.2.12 (except version 6.1.16)
  • Zoom Rooms Controller for Windows before version 6.4.0
  • Zoom Rooms Controller for macOS before version 6.4.0
  • Zoom Rooms Controller for Linux before version 6.4.0
  • Zoom Rooms Controller for Android before version 6.4.0
  • Zoom Rooms Client for Windows before version 6.4.0
  • Zoom Rooms Client for macOS before version 6.4.0
  • Zoom Rooms Client for Android before version 6.4.0
  • Zoom Rooms Client for iPad before version 6.4.0
  • Zoom Meeting SDK for Windows before version 6.3.10
  • Zoom Meeting SDK for iOS before version 6.3.10
  • Zoom Meeting SDK for Android before version 6.3.0
  • Zoom Meeting SDK for macOS before version 6.3.0
  • Zoom Meeting SDK for Linux before version 6.3.0

Update Now

Zoom has released updated versions of the affected applications to address these vulnerabilities. Users are advised to update to the latest versions as soon as possible. Updates can be downloaded from the Zoom website.

Zoom Engineering Security and fre3dm4n reported these vulnerabilities to Zoom.


The post Zoom Workplace Apps Vulnerability Let Attackers Inject Malicious Script appeared first on Cyber Security News.